urlquery - report: mbtinfor.cloud/624f861e65036b0dcebeab0b3b62cd88/?token=7852d9765a678edeeb168733c5b7b3ca666ea48b370a04fdb13230f1c892a1ad7675632d9304451749c24d2adcc8a744dfe1ad21e14b2cdcd38b289994282931","ReportType":"Phishing","ReportClass":"Content","SourceIp":"162.241.123.12

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	Sent bytes	Received bytes	IP
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782	2374	35.241.9.150
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3246	48289	34.120.237.76
nexus.ensighten.com (1)	2786	2012-05-23T20:34:00Z	2023-03-29T05:58:42Z	299	641	54.230.111.35
asset.mtb.com (1)	246397	2017-02-13T05:24:51Z	2023-03-29T10:25:14Z	403	15621	54.230.111.37
r3.o.lencr.org (5)	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	1690	4431	23.36.76.226
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413	5882	34.160.144.191
mbtinfor.cloud (9)	0	2023-03-20T18:59:27Z	2023-03-23T12:25:21Z	4877	8402	162.241.123.12
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333	391	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606	127	54.200.175.54
ocsp.entrust.net (9)	1208	2014-01-10T03:18:45Z	2023-03-29T05:40:35Z	3060	17613	104.110.10.32
resources.mtb.com (8)	144011	2014-11-08T15:57:30Z	2023-03-29T10:25:12Z	3432	285984	24.75.29.77

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-23 11:12:32 UTC	high	162.241.123.12	Client IP	ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
2023-03-23 11:12:33 UTC	medium	162.241.123.12	Client IP	ET INFO 404 Response with Javascript Variable in Page
2023-03-23 11:12:36 UTC	medium	162.241.123.12	Client IP	ET INFO 404 Response with Javascript Variable in Page
2023-03-23 11:12:36 UTC	medium	162.241.123.12	Client IP	ET INFO 404 Response with Javascript Variable in Page
2023-03-23 11:12:36 UTC	medium	162.241.123.12	Client IP	ET INFO 404 Response with Javascript Variable in Page
2023-03-23 11:12:36 UTC	medium	162.241.123.12	Client IP	ET INFO 404 Response with Javascript Variable in Page

Date	UQ / IDS / BL	URL	IP
2023-03-23 11:25:32 UTC	7 - 6 - 0	mbtinfor.cloud/597541dfef857c4e17807dd9b82f67 (...)	162.241.123.12
2023-03-23 11:12:30 UTC	7 - 6 - 0	mbtinfor.cloud/624f861e65036b0dcebeab0b3b62cd (...)	162.241.123.12
2023-01-12 03:54:32 UTC	0 - 1 - 3	notaria70.mx/	162.241.123.12
2022-11-22 05:55:22 UTC	0 - 0 - 3	laylaakliluabdimelech.com/amazon-RD292-user-c (...)	162.241.123.12
2022-12-09 00:38:54 UTC	0 - 0 - 6	ompipes.com/astp/index.php?QBOT.zip	162.241.123.12

Date	UQ / IDS / BL	URL	IP
2023-06-02 05:42:05 UTC	3 - 0 - 1	marsanltda.cl/email/verification/sf_rand_stri (...)	108.167.149.244
2023-06-02 05:40:44 UTC	4 - 0 - 0	borges.tv.br/admin/v3rif/sf_rand_string_lower (...)	192.185.177.11
2023-06-02 05:01:17 UTC	2 - 0 - 0	qrtnd.sa.com/magic/city/sf_rand_string_lowerc (...)	162.241.71.248
2023-06-02 04:56:19 UTC	0 - 0 - 4	192.185.4.113/~ab36990/formlogon/0181dbfe6a69 (...)	192.185.4.113
2023-06-02 04:56:23 UTC	0 - 0 - 4	192.185.4.66/~secure3/cc84ccfdb04199ac33c9a19 (...)	192.185.4.66

Date	UQ / IDS / BL	URL	IP
2023-03-23 11:25:32 UTC	7 - 6 - 0	mbtinfor.cloud/597541dfef857c4e17807dd9b82f67 (...)	162.241.123.12
2023-03-23 11:12:30 UTC	7 - 6 - 0	mbtinfor.cloud/624f861e65036b0dcebeab0b3b62cd (...)	162.241.123.12
2023-03-23 11:10:44 UTC	7 - 2 - 0	mbtinfor.cloud/41730a87be0d0f08af566c147ee4ae (...)	2.57.90.16

Date	UQ / IDS / BL	URL	IP
2023-04-04 16:40:30 UTC	6 - 1 - 0	girlsandboots.com/mtbank1x1/login.php?online_ (...)	162.241.124.129
2023-04-04 16:40:28 UTC	8 - 1 - 0	girlsandboots.com/mtbank1x1/login.php?online_ (...)	162.241.124.129
2023-04-04 16:10:26 UTC	6 - 1 - 0	71x.co.uk/m+tbankx1/login.php?online_id=81228 (...)	69.49.235.107
2023-04-04 16:10:24 UTC	8 - 1 - 0	71x.co.uk/m+tbankx1/login.php?online_id=81228 (...)	69.49.235.107
2023-04-04 15:55:21 UTC	8 - 1 - 0	71x.co.uk/m+tbankx1/login.php?online_id=36a5f (...)	69.49.235.107

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9" Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8825 Expires: Thu, 23 Mar 2023 13:39:24 GMT Date: Thu, 23 Mar 2023 11:12:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: bea3185dd820a31c1981317f37c3456d Sha1: 1a548a5d27270fc11df9011837a7149571cedd78 Sha256: 469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171" Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3175 Expires: Thu, 23 Mar 2023 12:05:14 GMT Date: Thu, 23 Mar 2023 11:12:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 65fc860bc043f3fb83bdc3debdcd322d Sha1: 418010755deae099ef1284e402813c5837a10f42 Sha256: d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Thu, 23 Mar 2023 10:15:05 GMT age: 3434 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 84db75194692d4afe13196bda6f22da8 Sha1: 4c1f49bc973a4917f146d93c8d598344edc021f6 Sha256: a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF" Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3948 Expires: Thu, 23 Mar 2023 12:18:07 GMT Date: Thu, 23 Mar 2023 11:12:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 51a5d4696a6090c295850554508b51ce Sha1: c44e143c2223546e64b19f543b8101aaf3b11e97 Sha256: 8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: zKXPJl60t2Qkgft5P+24AplJh6HSufJFJkvpPp2sGq1ntf76wNsFnWymPcSHuY6mH+wMJUuRIwM= x-amz-request-id: 6GQAFJR9Q1MXK6RA x-amz-server-side-encryption: AES256 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Thu, 23 Mar 2023 10:54:01 GMT age: 1099 last-modified: Sat, 11 Mar 2023 16:53:15 GMT etag: "e7bace7c1e04d44012e37ddffe36e5d5" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: e7bace7c1e04d44012e37ddffe36e5d5 Sha1: 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 Sha256: 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /624f861e65036b0dcebeab0b3b62cd88/?token=7852d9765a678edeeb168733c5b7b3ca666ea48b370a04fdb13230f1c892a1ad7675632d9304451749c24d2adcc8a744dfe1ad21e14b2cdcd38b289994282931%22,%22ReportType%22:%22Phishing%22,%22ReportClass%22:%22Content%22,%22SourceIp%22:%22162.241.123.12 HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	162.241.123.12 HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Date: Thu, 23 Mar 2023 11:12:19 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b; path=/ Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Location: ../index.php Content-Length: 0 Keep-Alive: timeout=5, max=75 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 urlquery: - Phishing - M&T Bank IDS: - ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Thu, 23 Mar 2023 11:12:20 GMT content-length: 12 access-control-allow-credentials: true access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Thu, 23 Mar 2023 10:17:23 GMT age: 3297 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF" Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4131 Expires: Thu, 23 Mar 2023 12:21:11 GMT Date: Thu, 23 Mar 2023 11:12:20 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 050ca4dc2182e0a27573b0d9f32b7834 Sha1: bec14dc5af0d0b32210470673511acd8db404308 Sha256: b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: uKq1J3NmhO59Bt/te5gl2g== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	54.200.175.54 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: 033jOfWn8YVTZCFX6gxYqlhHou4= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index.php HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b Upgrade-Insecure-Requests: 1	162.241.123.12 HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Date: Thu, 23 Mar 2023 11:12:20 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Location: 1e537f6a6bc5c6302d4014e0560ac2f6?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 22 Keep-Alive: timeout=5, max=75 --- Additional Info --- Magic: ASCII text Size: 22 Md5: 463423f62d72f0be0533a6b7f210fb35 Sha1: af361bf21971a8a9f15d8146e05ac69c5a30834f Sha256: 4dc8d44ac335e82b032a385918448022803a1f313fa4e866a08ecb3a6233c90f
GET /1e537f6a6bc5c6302d4014e0560ac2f6?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b Upgrade-Insecure-Requests: 1	162.241.123.12 HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=iso-8859-1 Date: Thu, 23 Mar 2023 11:12:21 GMT Server: Apache Location: http://mbtinfor.cloud/1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Content-Length: 398 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 398 Md5: a0bb76310ad6cb9a1cf2c6bda9f8b2c2 Sha1: 1167837eda49b9e7287cbbdac15885b3e48a3408 Sha256: 26c7b99d9a098d4a18d004dab6bf9811c50bce32214574613e3df596445c1a5c
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA" Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=10057 Expires: Thu, 23 Mar 2023 13:59:59 GMT Date: Thu, 23 Mar 2023 11:12:22 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a0d3d7099bbc5fed74a6e78e1a3096bf Sha1: 96afaf8b3ac053577c56aca5f4a20d8655ecb771 Sha256: c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5950 x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CKyF9EI3oAMFtyQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0 x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA== via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 22:02:44 GMT age: 57605 etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5950 Md5: 800c2662fd6ab8829a02b7d63084c38d Sha1: 0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239 Sha256: 76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7419 x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: B9xbnE7OIAMFW2g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0 x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT x-amz-cf-pop: SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: W_FZ-TYlfmS1JSvZVG4v_4Iag3ssm5J2oYgk0LBdKqv-Q0KST6FkDQ== via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 20:21:35 GMT age: 53447 etag: "3518e8a18807209e94011806a96492e0d86ee9c9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7419 Md5: f777f840a3fc7e500c57a7cbdf88f26d Sha1: 3518e8a18807209e94011806a96492e0d86ee9c9 Sha256: 44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26aea22c-e627-45d1-bce6-55eaa4acfd06.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10816 x-amzn-requestid: 60a537d2-1b8a-4ae2-967c-a7e57c818cc6 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: B9xY0EHqoAMFrrQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6415629e-1be08f9f3a13492717fdaa48;Sampled=0 x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:02 GMT x-amz-cf-pop: SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: pFf9EtVQUyRcUOT6Aj_L88__ZyBlVX61cOmPi70WnyxxPteVUFFXEw== via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 3f3347264bcaae7af741e2a2f692c6a0.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 20:21:35 GMT age: 53447 etag: "ee683e481a4501d2ab8ca63d1426d6fab6f2b064" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10816 Md5: f3aa18378fc5715083fb26bd0d62f382 Sha1: ee683e481a4501d2ab8ca63d1426d6fab6f2b064 Sha256: 8aade71c4b55f6a9daab28a05a90bcc3c6c01b700aa48d2f8ccdb1992fa5ee81
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7083 x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CHY_gFu8IAMFh9g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0 x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg== via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 21:51:03 GMT age: 48079 etag: "76213c7d5c759471ed3823888860f918ac7e8f13" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7083 Md5: 40d24dfcd9f0afe0e4077384f16cc494 Sha1: 76213c7d5c759471ed3823888860f918ac7e8f13 Sha256: fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4000 x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CJpraEqyoAMFgNQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0 x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: k6VaCG5oTQnKOvKJnleVqxIIc9yOgdOL0oPcL0ZSVw7DZQ8_GzFoZQ== via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 21:47:43 GMT age: 48279 etag: "b798268806dc2f79f033e5872676019faf0e0cc1" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4000 Md5: 85351059b67b0a42eda7e69a31b3b4b4 Sha1: b798268806dc2f79f033e5872676019faf0e0cc1 Sha256: 86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6692 x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CM9d9FcOoAMFaFQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0 x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A== via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google date: Thu, 23 Mar 2023 07:54:24 GMT age: 11878 etag: "156ef59e53564a4f2b27002b2695fafecd578d82" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6692 Md5: c05bfdf1411a931d8ea9adc64b07bc74 Sha1: 156ef59e53564a4f2b27002b2695fafecd578d82 Sha256: 15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b Upgrade-Insecure-Requests: 1	162.241.123.12 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Thu, 23 Mar 2023 11:12:22 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 2953 Keep-Alive: timeout=5, max=73 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (717), with CRLF line terminators Size: 2953 Md5: 97b9ffa91791fba26591e9bf8cd13076 Sha1: 7cc2fcf03f853bc12487be7dff488fdc64f39854 Sha256: 9aab3013d52b27e4051539af93a83dc496edf4ce76f6e4cc8cfee42d1a7762de
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://mbtinfor.cloud/1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b	162.241.123.12 HTTP/1.1 404 Not Found Content-Type: text/html Date: Thu, 23 Mar 2023 11:12:24 GMT Server: Apache Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 355 Keep-Alive: timeout=5, max=72 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text Size: 355 Md5: cb50b952a1a41c3358018129e081d511 Sha1: 9b3ce22f173597240fd0c22ff649f3ffb9c6ea99 Sha256: 791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0 urlquery: - Phishing - M&T Bank IDS: - ET INFO 404 Response with Javascript Variable in Page
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://mbtinfor.cloud/1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b	162.241.123.12 HTTP/1.1 404 Not Found Content-Type: text/html Date: Thu, 23 Mar 2023 11:12:24 GMT Server: Apache Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 355 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text Size: 355 Md5: cb50b952a1a41c3358018129e081d511 Sha1: 9b3ce22f173597240fd0c22ff649f3ffb9c6ea99 Sha256: 791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0 urlquery: - Phishing - M&T Bank IDS: - ET INFO 404 Response with Javascript Variable in Page
GET /Assets/scripts/Login/Index.js HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://mbtinfor.cloud/1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b	162.241.123.12 HTTP/1.1 404 Not Found Content-Type: text/html Date: Thu, 23 Mar 2023 11:12:24 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 355 Keep-Alive: timeout=5, max=75 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text Size: 355 Md5: cb50b952a1a41c3358018129e081d511 Sha1: 9b3ce22f173597240fd0c22ff649f3ffb9c6ea99 Sha256: 791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0 urlquery: - Phishing - M&T Bank IDS: - ET INFO 404 Response with Javascript Variable in Page - ET INFO 404 Response with Javascript Variable in Page
GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://mbtinfor.cloud/1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b	162.241.123.12 HTTP/1.1 404 Not Found Content-Type: text/html Date: Thu, 23 Mar 2023 11:12:24 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 355 Keep-Alive: timeout=5, max=75 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text Size: 355 Md5: cb50b952a1a41c3358018129e081d511 Sha1: 9b3ce22f173597240fd0c22ff649f3ffb9c6ea99 Sha256: 791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0 urlquery: - Phishing - M&T Bank IDS: - ET INFO 404 Response with Javascript Variable in Page
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 79 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD" Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=1053 Expires: Thu, 23 Mar 2023 11:29:57 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: ed02e401fd9d42fbd4d9d0f7734e50b4 Sha1: 9d7c3db352a040065330f2780a2ed308a42d926a Sha256: 47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 79 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD" Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=1053 Expires: Thu, 23 Mar 2023 11:29:57 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: ed02e401fd9d42fbd4d9d0f7734e50b4 Sha1: 9d7c3db352a040065330f2780a2ed308a42d926a Sha256: 47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 79 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD" Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=1052 Expires: Thu, 23 Mar 2023 11:29:56 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: ed02e401fd9d42fbd4d9d0f7734e50b4 Sha1: 9d7c3db352a040065330f2780a2ed308a42d926a Sha256: 47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 79 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD" Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=1053 Expires: Thu, 23 Mar 2023 11:29:57 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: ed02e401fd9d42fbd4d9d0f7734e50b4 Sha1: 9d7c3db352a040065330f2780a2ed308a42d926a Sha256: 47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4" Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3495 Expires: Thu, 23 Mar 2023 12:10:39 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: dddcc9b15d08f61a046a43eaf5f02135 Sha1: ae09ab36525b50a240cba40c3b80ac1524bf80ff Sha256: f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4" Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3541 Expires: Thu, 23 Mar 2023 12:11:25 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: dddcc9b15d08f61a046a43eaf5f02135 Sha1: ae09ab36525b50a240cba40c3b80ac1524bf80ff Sha256: f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4" Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3472 Expires: Thu, 23 Mar 2023 12:10:16 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: dddcc9b15d08f61a046a43eaf5f02135 Sha1: ae09ab36525b50a240cba40c3b80ac1524bf80ff Sha256: f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4" Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3468 Expires: Thu, 23 Mar 2023 12:10:12 GMT Date: Thu, 23 Mar 2023 11:12:24 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: dddcc9b15d08f61a046a43eaf5f02135 Sha1: ae09ab36525b50a240cba40c3b80ac1524bf80ff Sha256: f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://mbtinfor.cloud/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Expires: Fri, 22 Mar 2024 11:12:24 GMT Last-Modified: Thu, 23 Mar 2023 11:12:23 GMT ETag: "1679569944:dtagent10259230221142207SN+M" Vary: User-Agent X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="1523576152" Date: Thu, 23 Mar 2023 11:12:24 GMT ntCoent-Length: 258715 Cache-Control: private Content-Encoding: gzip Set-Cookie: dtCookie=v_4_srv_11_sn_247E0880EC62D246DFFAF1E0AAE309DE_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=01fb46a926a9b722580e1e721628fabfc705df12e8c3ca0ff6debe729d2888170cfc4344c14cfc97a2641e764f2d8a5fcc39fa1a26; Path=/ TS0128739d=01fb46a92620fe7e400da06315c6d70a2346eff87bc3ca0ff6debe729d2888170cfc4344c142e0263e09c9b50c566d6aef128c973391fc3e7749d4e5c13acaee16f1cbabe9; path=/; domain=.mtb.com TSea15929a027=0856addebbab2000cafc0b6c150fe0370b62aa1b40d4dfebe7cb2629cec0083dfaa28cf8993315cc08fa02a5a6113000f0657783f7c55d770259c372020b51faccc82bf75460c387f9dd5b3d0ee18b72daa421428284fa27add02620bf0757e3; Path=/ Transfer-Encoding: chunked --- Additional Info --- Magic: Unicode text, UTF-8 text, with very long lines (65534), with no line terminators Size: 34708 Md5: 612ef637c25041c445e4fdf710694d70 Sha1: c4037320ef3bf75754dbba6ffbb712cc8ea947cd Sha256: d3f9b1bf0a23fba1044ec913042d5068e3445fe37aa9dc4ad2dff2b9fbcfbeef
GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1 Host: nexus.ensighten.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://mbtinfor.cloud/	54.230.111.35 HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 15 Connection: keep-alive Date: Thu, 23 Mar 2023 11:12:25 GMT x-amz-replication-status: COMPLETED Last-Modified: Fri, 03 Feb 2023 08:06:57 GMT ETag: "ffe905f50d9b47e6353b68513c4d48ac" x-amz-server-side-encryption: AES256 Cache-Control: no-cache, no-store x-amz-version-id: wavO2l7VyxB9HskbZfGyDtMNoZwuEJgp Accept-Ranges: bytes Server: CloudFront X-Cache: Error from cloudfront Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: 8C5F6xhy9DUfIflZ3YMOfCiTncbI_LYOcQ2BUDj0pvhGQAaMFYISaA== --- Additional Info --- Magic: ASCII text Size: 15 Md5: ffe905f50d9b47e6353b68513c4d48ac Sha1: d2c2ee4201cca3be67abf771ed1f1922fa94d083 Sha256: c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633
GET /Assets/img/mtb-logo.svg HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://mbtinfor.cloud/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: image/svg+xml Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT Accept-Ranges: bytes ETag: "0f90d42153d91:0" X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="258879310" Date: Thu, 23 Mar 2023 11:12:24 GMT Content-Length: 2039 Set-Cookie: TSea15929a027=0856addebbab2000ced276be8c26cb2b6eb49cb54db81b2edab11f84aa2deea1cfb1ac72a2bd3e9c08083c276111300049ff13f392e4e1628eb3247bec8364cb1cd2fd69ad65ce3056b3ecea68726f54aad8865988917cdaf801e1219bfd041a; Path=/ --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators Size: 2039 Md5: f2b901cf895852a0866fe4a16c7f1730 Sha1: c4240af1ec798477b4e65a185ddbb1b038817da4 Sha256: 5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://mbtinfor.cloud/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: image/svg+xml Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT Accept-Ranges: bytes ETag: "0f90d42153d91:0" X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="-284557800" Date: Thu, 23 Mar 2023 11:12:24 GMT Content-Length: 230 Set-Cookie: TSea15929a027=0856addebbab20008fd64e545ae642b5de2ad348d1bf1f02a6b20fbbf8cd9eb63a734450821cc0050889458ba1113000a46b9e200280387d8eb3247bec8364cbf80e394b75d8527ef7960883f2c64921a313499eac2125db58f8dd16347731bf; Path=/ --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators Size: 230 Md5: 916635d10512ae6a1840614a895dcd38 Sha1: db175de4c42281bb4d239c57d1b95b8e75c529ec Sha256: d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
GET /Assets/img/mtb-entrust.svg HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://mbtinfor.cloud/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: image/svg+xml Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT Accept-Ranges: bytes ETag: "0f90d42153d91:0" X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="-296452583" Date: Thu, 23 Mar 2023 11:12:24 GMT Content-Length: 1349 Set-Cookie: TSea15929a027=0856addebbab200083b545e07703746ffcc3fd1e1f8e39a56dd49ccbd6f8d7a9854197bb31602bd1083ff789c5113000b61c53951be766b18eb3247bec8364cb494456705b3b291178c40e946e5c6263f41c9cceb98f0511cda380dd7eab53ea; Path=/ --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators Size: 1349 Md5: 9a569ad20708d7453d89fe6c72e7fcdc Sha1: 60b6a41620583484642f7c826faf8e3c879a6374 Sha256: b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://mbtinfor.cloud/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Expires: Fri, 22 Mar 2024 11:12:24 GMT Last-Modified: Thu, 23 Mar 2023 11:12:23 GMT ETag: "1679569944:dtagent10259230221142207SN+M" Vary: User-Agent X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="772388921" Date: Thu, 23 Mar 2023 11:12:24 GMT Cteonnt-Length: 322405 Cache-Control: private Content-Encoding: gzip Set-Cookie: dtCookie=v_4_srv_4_sn_E0CC498416214D2135D0E8697FBA4B40_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=01fb46a9268df2488c6f25a0c05ff81a7cac54d5d1828b471f0d2192a77602551fc4923601932bd7b5c47c24e0e07406677a18ecf9; Path=/ TS0128739d=01fb46a926951b2590b17fdf3aee0d19de093d02a6828b471f0d2192a77602551fc492360143131d16b4653e92cc18ed80dd97ad083b32eba1913d2df4bf0ba4b08be79782; path=/; domain=.mtb.com TSea15929a027=0856addebbab2000b4b0ea030231222d1c61a84b886ae2dc87447b0654ee73036490430320073a8308949570d11130004a5318e2dbb6109e0259c372020b51fae55715f0a6e72622073d8134ddf5c7069752594d8099c3de4d6547ce472d62e7; Path=/ Transfer-Encoding: chunked --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 103531 Md5: 727a0de3144aa33cd4534796486e2363 Sha1: 86ed4f75d976f4f5974724a6a19723798f29386e Sha256: 4944e8c395c12a394fb7be2e85d249d24381a5848f743a5d63bf2b0edda3bcdc
GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://mbtinfor.cloud Connection: keep-alive Referer: https://resources.mtb.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT Accept-Ranges: bytes ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M" X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="1167739583", dtTao;desc="1" Date: Thu, 23 Mar 2023 11:12:25 GMT Content-Length: 4776 Set-Cookie: dtCookie=v_4_srv_4_sn_BAB9CF693EAC79CA0EE7450F5F9EE286_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=01fb46a9263c465239834d2ce80ae79fe2058639d37501de5f00ff9474ce8d1ddfa899f01e8549f8df94bd350f618208986be041c8; Path=/ TS0128739d=01fb46a926831a4f408047d014e5b16c0e2a0ecce87501de5f00ff9474ce8d1ddfa899f01ea72b3e390b5068dfa2deb3560da4c4d1c167ed89f4f4d66346bebfa8618da5d7; path=/; domain=.mtb.com TSea15929a027=0856addebbab200063b8f5c807778d7f8f1ca893cc9c4ee4487e93bc8b002ffc683b3300f310a28508d8a56981113000bd7ab17ab00005088eb3247bec8364cb0203267553a61f02ebd805edcef561f5e9c545c29b8f5dbca97f70bcf41e9b75; Path=/ --- Additional Info --- Magic: Web Open Font Format, TrueType, length 4776, version 1.0\012- data Size: 4776 Md5: ac13691b89191d11d0e5577eb3cf3d53 Sha1: 0126fa82c0ab022e61b5de74f1fe3e204a905a7b Sha256: 108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
GET /Assets/scripts/Login/Index.js HTTP/1.1 Host: mbtinfor.cloud User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://mbtinfor.cloud/1e537f6a6bc5c6302d4014e0560ac2f6/?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b	162.241.123.12 HTTP/1.1 404 Not Found Content-Type: text/html Date: Thu, 23 Mar 2023 11:12:25 GMT Server: Apache Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 355 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text Size: 355 Md5: cb50b952a1a41c3358018129e081d511 Sha1: 9b3ce22f173597240fd0c22ff649f3ffb9c6ea99 Sha256: 791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0 urlquery: - Phishing - M&T Bank IDS: - ET INFO 404 Response with Javascript Variable in Page - ET INFO 404 Response with Javascript Variable in Page
GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://mbtinfor.cloud Connection: keep-alive Referer: https://resources.mtb.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT Accept-Ranges: bytes ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M" X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="910303464", dtTao;desc="1" Date: Thu, 23 Mar 2023 11:12:25 GMT Content-Length: 67671 Set-Cookie: dtCookie=v_4_srv_2_sn_6FF370E44100D38B6CAE0BF8A5BC0BB2_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com TS019299a7=01fb46a9260b71bb36e2867880273baaeac4cc6d8adcc2ea78f77249b9ef0677831dfd48ecde98053189ab251a3aebb276ec5cbfb7; Path=/ TS0128739d=01fb46a926dbe4efe1f85f2e928fbe62cd70ba53b4dcc2ea78f77249b9ef0677831dfd48ec78b2819c64c265eb8c29afbb4dd7278a96432f52018a70792ba28ea1652165c4; path=/; domain=.mtb.com TSea15929a027=0856addebbab2000ce26bc85962a4695b1269dd3229c8c4167a280d6970d6f833d5d8f5abc618b22089b9878a61130001c8839ff49efcc348eb3247bec8364cb84227c63bc5e66f72092cc26d162b2e933b8a280af2d5835e4341569a47f41ce; Path=/ --- Additional Info --- Magic: Web Open Font Format, TrueType, length 67671, version 1.0\012- data Size: 67671 Md5: 6cd469e8613d82d4d07834a5ca7745f0 Sha1: 95347ba0a03d27e1aa91bc17c937d8aefe53e6ff Sha256: 4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1 Host: resources.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://mbtinfor.cloud Connection: keep-alive Referer: https://resources.mtb.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	24.75.29.77 HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT Accept-Ranges: bytes ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M" X-Srv: B-SC-02 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1434762085", dtTao;desc="1" Date: Thu, 23 Mar 2023 11:12:25 GMT Content-Length: 64318 Set-Cookie: dtCookie=v_4_srv_1_sn_419BE51A97442FB853D3000E7A7EA313_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=01fb46a9262d7cf204181f8c9089f334738e50db639883f0bee1d0c043528d9e39979de2b4f3452f200dc21f534e842c00d05d1ab3; Path=/ TS0128739d=01fb46a9266710c6a7b3d412aa3d5712c606b18b609883f0bee1d0c043528d9e39979de2b45a84bcb6ccc6b4e6bf933b36d237ad26d7bd6c17f256c53b73b272b7d9b22f09; path=/; domain=.mtb.com TSea15929a027=0856addebbab2000c6c8a2c425ca47b0a6c885206cea49b0034f68105a2fd6dc8e766ffa2f9bf2b1085e55387311300099e90d2bd7dd84cb8eb3247bec8364cb8aa6aaaa96298e1977e80a30e1a47579ad7999c11ce5534ff6f338940a9705ec; Path=/ --- Additional Info --- Magic: Web Open Font Format, TrueType, length 64318, version 1.0\012- data Size: 64318 Md5: b245a55f7e33e1cf4d2477570936ef84 Sha1: 12bf1c1eda6db246778f7c343acebbaad8fa36f4 Sha256: b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
POST / HTTP/1.1 Host: ocsp.entrust.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	104.110.10.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response ETag: "752075998100A9878D438F79E9BFEA5E559841EBF6F26BCF9769F1DFC7413D15" Last-Modified: Thu, 23 Mar 2023 03:00:00 UTC Content-Length: 1588 Cache-Control: public, no-transform, must-revalidate, max-age=3496 Expires: Thu, 23 Mar 2023 12:10:41 GMT Date: Thu, 23 Mar 2023 11:12:25 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 1588 Md5: 64bbcaf8aa4aa14e359541e907a1fc7a Sha1: 05561a4cad7263861af68921b4689de7dd758fd8 Sha256: 752075998100a9878d438f79e9bfea5e559841ebf6f26bcf9769f1dfc7413d15
GET /Documents/html/homepage/favicon.ico HTTP/1.1 Host: asset.mtb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://mbtinfor.cloud/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	54.230.111.37 HTTP/2 200 OK content-type: image/x-icon content-length: 14862 accept-ranges: bytes content-disposition: inline content-encoding: gzip last-modified: Wed, 04 May 2022 18:18:59 GMT server: Apache strict-transport-security: max-age=31536000; includeSubdomains; preload x-content-type-options: nosniff x-dispatcher: dispatcher2useast1 x-frame-options: SAMEORIGIN x-vhost: publish date: Thu, 23 Mar 2023 11:12:25 GMT cache-control: max-age=3600, no-cache="set-cookie" etag: "3dce-5de33a8b9cac0-gzip" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: NDUg7QQfIm43DlL_dVyMOX5DbUFyEQDan9deXEfOMPiyog5V-8gKeA== age: 2 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data Size: 14862 Md5: e82f458a5c1c5353a97401eccc925613 Sha1: 949d6c8d06ca14b52f496c20f63fae269b6708c2 Sha256: cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.76.226

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9" 

                                            
                                                
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=8825 

                                            
                                                
Expires: Thu, 23 Mar 2023 13:39:24 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:19 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    bea3185dd820a31c1981317f37c3456d

                                                Sha1:   1a548a5d27270fc11df9011837a7149571cedd78

                                                Sha256: 469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9

                                        
                                            GET /v1/ HTTP/1.1 

                                        
                                            
Host: firefox.settings.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             35.241.9.150

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: application/json

                                            

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff 

                                            
                                                
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; 

                                            
                                                
strict-transport-security: max-age=31536000 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
content-length: 939 

                                            
                                                
via: 1.1 google 

                                            
                                                
date: Thu, 23 Mar 2023 10:15:05 GMT 

                                            
                                                
age: 3434 

                                            
                                                
cache-control: max-age=3600,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators

                                                Size:   939

                                                Md5:    84db75194692d4afe13196bda6f22da8

                                                Sha1:   4c1f49bc973a4917f146d93c8d598344edc021f6

                                                Sha256: a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1 

                                        
                                            
Host: content-signature-2.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.160.144.191

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: binary/octet-stream

                                            

                                            
                                                
x-amz-id-2: zKXPJl60t2Qkgft5P+24AplJh6HSufJFJkvpPp2sGq1ntf76wNsFnWymPcSHuY6mH+wMJUuRIwM= 

                                            
                                                
x-amz-request-id: 6GQAFJR9Q1MXK6RA 

                                            
                                                
x-amz-server-side-encryption: AES256 

                                            
                                                
content-disposition: attachment 

                                            
                                                
accept-ranges: bytes 

                                            
                                                
server: AmazonS3 

                                            
                                                
content-length: 5348 

                                            
                                                
via: 1.1 google 

                                            
                                                
date: Thu, 23 Mar 2023 10:54:01 GMT 

                                            
                                                
age: 1099 

                                            
                                                
last-modified: Sat, 11 Mar 2023 16:53:15 GMT 

                                            
                                                
etag: "e7bace7c1e04d44012e37ddffe36e5d5" 

                                            
                                                
cache-control: public,max-age=3600 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  PEM certificate\012- , ASCII text

                                                Size:   5348

                                                Md5:    e7bace7c1e04d44012e37ddffe36e5d5

                                                Sha1:   3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2

                                                Sha256: 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

                                        
                                            GET /v1/tiles HTTP/1.1 

                                        
                                            
Host: contile.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.117.237.239

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: application/json

                                            

                                            
                                                
server: nginx 

                                            
                                                
date: Thu, 23 Mar 2023 11:12:20 GMT 

                                            
                                                
content-length: 12 

                                            
                                                
access-control-allow-credentials: true 

                                            
                                                
access-control-expose-headers: content-type 

                                            
                                                
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers 

                                            
                                                
strict-transport-security: max-age=31536000 

                                            
                                                
via: 1.1 google 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JSON data\012- , ASCII text, with no line terminators

                                                Size:   12

                                                Md5:    23e88fb7b99543fb33315b29b1fad9d6

                                                Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

                                                Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.76.226

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF" 

                                            
                                                
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=4131 

                                            
                                                
Expires: Thu, 23 Mar 2023 12:21:11 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:20 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    050ca4dc2182e0a27573b0d9f32b7834

                                                Sha1:   bec14dc5af0d0b32210470673511acd8db404308

                                                Sha256: b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf

                                        
                                            GET /index.php HTTP/1.1 

                                        
                                            
Host: mbtinfor.cloud

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Cookie: PHPSESSID=a561b9a305ca1413e27e22d910d50f7b 

                                        
                                            
Upgrade-Insecure-Requests: 1

                                        
                                             162.241.123.12

                                            
                                                HTTP/1.1 302 Moved Temporarily 

                                            
                                                
Content-Type: text/html; charset=UTF-8

                                            

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:20 GMT 

                                            
                                                
Server: Apache 

                                            
                                                
Expires: Thu, 19 Nov 1981 08:52:00 GMT 

                                            
                                                
Cache-Control: no-store, no-cache, must-revalidate 

                                            
                                                
Pragma: no-cache 

                                            
                                                
Upgrade: h2,h2c 

                                            
                                                
Connection: Upgrade, Keep-Alive 

                                            
                                                
Location: 1e537f6a6bc5c6302d4014e0560ac2f6?token=c978fb582a12016ee9d1328664ee5c26c1d01b9999a0ab62a5ff2742a44e16fd3c4cfcae7560a740a0977365ef90b262bbc215a80c3cdd6c6bd548fe6024557a 

                                            
                                                
Vary: Accept-Encoding 

                                            
                                                
Content-Encoding: gzip 

                                            
                                                
Content-Length: 22 

                                            
                                                
Keep-Alive: timeout=5, max=75 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  ASCII text

                                                Size:   22

                                                Md5:    463423f62d72f0be0533a6b7f210fb35

                                                Sha1:   af361bf21971a8a9f15d8146e05ac69c5a30834f

                                                Sha256: 4dc8d44ac335e82b032a385918448022803a1f313fa4e866a08ecb3a6233c90f

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             23.36.76.226

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
Server: nginx 

                                            
                                                
Content-Length: 503 

                                            
                                                
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA" 

                                            
                                                
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=10057 

                                            
                                                
Expires: Thu, 23 Mar 2023 13:59:59 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:22 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   503

                                                Md5:    a0d3d7099bbc5fed74a6e78e1a3096bf

                                                Sha1:   96afaf8b3ac053577c56aca5f4a20d8655ecb771

                                                Sha256: c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/jpeg

                                            

                                            
                                                
server: nginx 

                                            
                                                
content-length: 7419 

                                            
                                                
x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9 

                                            
                                                
x-xss-protection: 1; mode=block 

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                            
                                                
x-amz-apigw-id: B9xbnE7OIAMFW2g= 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0 

                                            
                                                
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT 

                                            
                                                
x-amz-cf-pop: SEA19-C3 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
x-amz-cf-id: W_FZ-TYlfmS1JSvZVG4v_4Iag3ssm5J2oYgk0LBdKqv-Q0KST6FkDQ== 

                                            
                                                
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google 

                                            
                                                
date: Wed, 22 Mar 2023 20:21:35 GMT 

                                            
                                                
age: 53447 

                                            
                                                
etag: "3518e8a18807209e94011806a96492e0d86ee9c9" 

                                            
                                                
cache-control: max-age=3600,public,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   7419

                                                Md5:    f777f840a3fc7e500c57a7cbdf88f26d

                                                Sha1:   3518e8a18807209e94011806a96492e0d86ee9c9

                                                Sha256: 44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/jpeg

                                            

                                            
                                                
server: nginx 

                                            
                                                
content-length: 7083 

                                            
                                                
x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0 

                                            
                                                
x-xss-protection: 1; mode=block 

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                            
                                                
x-amz-apigw-id: CHY_gFu8IAMFh9g= 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0 

                                            
                                                
x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT 

                                            
                                                
x-amz-cf-pop: SEA19-C1 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg== 

                                            
                                                
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google 

                                            
                                                
date: Wed, 22 Mar 2023 21:51:03 GMT 

                                            
                                                
age: 48079 

                                            
                                                
etag: "76213c7d5c759471ed3823888860f918ac7e8f13" 

                                            
                                                
cache-control: max-age=3600,public,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   7083

                                                Md5:    40d24dfcd9f0afe0e4077384f16cc494

                                                Sha1:   76213c7d5c759471ed3823888860f918ac7e8f13

                                                Sha256: fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76

                                            
                                                HTTP/2 200 OK 

                                            
                                                
content-type: image/jpeg

                                            

                                            
                                                
server: nginx 

                                            
                                                
content-length: 6692 

                                            
                                                
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b 

                                            
                                                
x-xss-protection: 1; mode=block 

                                            
                                                
access-control-allow-origin: * 

                                            
                                                
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                            
                                                
x-frame-options: DENY 

                                            
                                                
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                            
                                                
x-amz-apigw-id: CM9d9FcOoAMFaFQ= 

                                            
                                                
x-content-type-options: nosniff 

                                            
                                                
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0 

                                            
                                                
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT 

                                            
                                                
x-amz-cf-pop: SEA19-C1 

                                            
                                                
x-cache: Hit from cloudfront 

                                            
                                                
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A== 

                                            
                                                
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google 

                                            
                                                
date: Thu, 23 Mar 2023 07:54:24 GMT 

                                            
                                                
age: 11878 

                                            
                                                
etag: "156ef59e53564a4f2b27002b2695fafecd578d82" 

                                            
                                                
cache-control: max-age=3600,public,public 

                                            
                                                
alt-svc: clear 

                                            
                                                
X-Firefox-Spdy: h2 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   6692

                                                Md5:    c05bfdf1411a931d8ea9adc64b07bc74

                                                Sha1:   156ef59e53564a4f2b27002b2695fafecd578d82

                                                Sha256: 15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.entrust.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 79 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             104.110.10.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD" 

                                            
                                                
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC 

                                            
                                                
Content-Length: 1588 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=1053 

                                            
                                                
Expires: Thu, 23 Mar 2023 11:29:57 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   1588

                                                Md5:    ed02e401fd9d42fbd4d9d0f7734e50b4

                                                Sha1:   9d7c3db352a040065330f2780a2ed308a42d926a

                                                Sha256: 47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.entrust.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 79 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             104.110.10.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD" 

                                            
                                                
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC 

                                            
                                                
Content-Length: 1588 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=1052 

                                            
                                                
Expires: Thu, 23 Mar 2023 11:29:56 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   1588

                                                Md5:    ed02e401fd9d42fbd4d9d0f7734e50b4

                                                Sha1:   9d7c3db352a040065330f2780a2ed308a42d926a

                                                Sha256: 47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.entrust.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             104.110.10.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4" 

                                            
                                                
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC 

                                            
                                                
Content-Length: 1588 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=3495 

                                            
                                                
Expires: Thu, 23 Mar 2023 12:10:39 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   1588

                                                Md5:    dddcc9b15d08f61a046a43eaf5f02135

                                                Sha1:   ae09ab36525b50a240cba40c3b80ac1524bf80ff

                                                Sha256: f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.entrust.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             104.110.10.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4" 

                                            
                                                
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC 

                                            
                                                
Content-Length: 1588 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=3472 

                                            
                                                
Expires: Thu, 23 Mar 2023 12:10:16 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   1588

                                                Md5:    dddcc9b15d08f61a046a43eaf5f02135

                                                Sha1:   ae09ab36525b50a240cba40c3b80ac1524bf80ff

                                                Sha256: f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4

                                        
                                            GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1 

                                        
                                            
Host: resources.mtb.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: text/css,*/*;q=0.1 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://mbtinfor.cloud/ 

                                        
                                            
Sec-Fetch-Dest: style 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             24.75.29.77

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: text/css; charset=utf-8

                                            

                                            
                                                
Expires: Fri, 22 Mar 2024 11:12:24 GMT 

                                            
                                                
Last-Modified: Thu, 23 Mar 2023 11:12:23 GMT 

                                            
                                                
ETag: "1679569944:dtagent10259230221142207SN+M" 

                                            
                                                
Vary: User-Agent 

                                            
                                                
X-Srv: B-SC-02 

                                            
                                                
Access-Control-Allow-Origin: * 

                                            
                                                
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ 

                                            
                                                
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1523576152" 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
ntCoent-Length: 258715 

                                            
                                                
Cache-Control: private 

                                            
                                                
Content-Encoding: gzip 

                                            
                                                
Set-Cookie: dtCookie=v_4_srv_11_sn_247E0880EC62D246DFFAF1E0AAE309DE_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926a9b722580e1e721628fabfc705df12e8c3ca0ff6debe729d2888170cfc4344c14cfc97a2641e764f2d8a5fcc39fa1a26; Path=/
TS0128739d=01fb46a92620fe7e400da06315c6d70a2346eff87bc3ca0ff6debe729d2888170cfc4344c142e0263e09c9b50c566d6aef128c973391fc3e7749d4e5c13acaee16f1cbabe9; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000cafc0b6c150fe0370b62aa1b40d4dfebe7cb2629cec0083dfaa28cf8993315cc08fa02a5a6113000f0657783f7c55d770259c372020b51faccc82bf75460c387f9dd5b3d0ee18b72daa421428284fa27add02620bf0757e3; Path=/ 

                                            
                                                
Transfer-Encoding: chunked 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  Unicode text, UTF-8 text, with very long lines (65534), with no line terminators

                                                Size:   34708

                                                Md5:    612ef637c25041c445e4fdf710694d70

                                                Sha1:   c4037320ef3bf75754dbba6ffbb712cc8ea947cd

                                                Sha256: d3f9b1bf0a23fba1044ec913042d5068e3445fe37aa9dc4ad2dff2b9fbcfbeef

                                        
                                            GET /Assets/img/mtb-logo.svg HTTP/1.1 

                                        
                                            
Host: resources.mtb.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://mbtinfor.cloud/ 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             24.75.29.77

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: image/svg+xml

                                            

                                            
                                                
Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT 

                                            
                                                
Accept-Ranges: bytes 

                                            
                                                
ETag: "0f90d42153d91:0" 

                                            
                                                
X-Srv: B-SC-02 

                                            
                                                
Access-Control-Allow-Origin: * 

                                            
                                                
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ 

                                            
                                                
Server-Timing: dtSInfo;desc="0", dtRpid;desc="258879310" 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
Content-Length: 2039 

                                            
                                                
Set-Cookie: TSea15929a027=0856addebbab2000ced276be8c26cb2b6eb49cb54db81b2edab11f84aa2deea1cfb1ac72a2bd3e9c08083c276111300049ff13f392e4e1628eb3247bec8364cb1cd2fd69ad65ce3056b3ecea68726f54aad8865988917cdaf801e1219bfd041a; Path=/ 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators

                                                Size:   2039

                                                Md5:    f2b901cf895852a0866fe4a16c7f1730

                                                Sha1:   c4240af1ec798477b4e65a185ddbb1b038817da4

                                                Sha256: 5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

                                        
                                            GET /Assets/img/mtb-entrust.svg HTTP/1.1 

                                        
                                            
Host: resources.mtb.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: http://mbtinfor.cloud/ 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: no-cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             24.75.29.77

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: image/svg+xml

                                            

                                            
                                                
Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT 

                                            
                                                
Accept-Ranges: bytes 

                                            
                                                
ETag: "0f90d42153d91:0" 

                                            
                                                
X-Srv: B-SC-02 

                                            
                                                
Access-Control-Allow-Origin: * 

                                            
                                                
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ 

                                            
                                                
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-296452583" 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:24 GMT 

                                            
                                                
Content-Length: 1349 

                                            
                                                
Set-Cookie: TSea15929a027=0856addebbab200083b545e07703746ffcc3fd1e1f8e39a56dd49ccbd6f8d7a9854197bb31602bd1083ff789c5113000b61c53951be766b18eb3247bec8364cb494456705b3b291178c40e946e5c6263f41c9cceb98f0511cda380dd7eab53ea; Path=/ 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators

                                                Size:   1349

                                                Md5:    9a569ad20708d7453d89fe6c72e7fcdc

                                                Sha1:   60b6a41620583484642f7c826faf8e3c879a6374

                                                Sha256: b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

                                        
                                            GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1 

                                        
                                            
Host: resources.mtb.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: identity 

                                        
                                            
Origin: http://mbtinfor.cloud 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://resources.mtb.com/ 

                                        
                                            
Sec-Fetch-Dest: font 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             24.75.29.77

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: APPLICATION/X-WOFF

                                            

                                            
                                                
Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT 

                                            
                                                
Accept-Ranges: bytes 

                                            
                                                
ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M" 

                                            
                                                
X-Srv: B-SC-02 

                                            
                                                
Access-Control-Allow-Origin: * 

                                            
                                                
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ 

                                            
                                                
Timing-Allow-Origin: * 

                                            
                                                
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1167739583", dtTao;desc="1" 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:25 GMT 

                                            
                                                
Content-Length: 4776 

                                            
                                                
Set-Cookie: dtCookie=v_4_srv_4_sn_BAB9CF693EAC79CA0EE7450F5F9EE286_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a9263c465239834d2ce80ae79fe2058639d37501de5f00ff9474ce8d1ddfa899f01e8549f8df94bd350f618208986be041c8; Path=/
TS0128739d=01fb46a926831a4f408047d014e5b16c0e2a0ecce87501de5f00ff9474ce8d1ddfa899f01ea72b3e390b5068dfa2deb3560da4c4d1c167ed89f4f4d66346bebfa8618da5d7; path=/; domain=.mtb.com
TSea15929a027=0856addebbab200063b8f5c807778d7f8f1ca893cc9c4ee4487e93bc8b002ffc683b3300f310a28508d8a56981113000bd7ab17ab00005088eb3247bec8364cb0203267553a61f02ebd805edcef561f5e9c545c29b8f5dbca97f70bcf41e9b75; Path=/ 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  Web Open Font Format, TrueType, length 4776, version 1.0\012- data

                                                Size:   4776

                                                Md5:    ac13691b89191d11d0e5577eb3cf3d53

                                                Sha1:   0126fa82c0ab022e61b5de74f1fe3e204a905a7b

                                                Sha256: 108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df

                                        
                                            GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1 

                                        
                                            
Host: resources.mtb.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: identity 

                                        
                                            
Origin: http://mbtinfor.cloud 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Referer: https://resources.mtb.com/ 

                                        
                                            
Sec-Fetch-Dest: font 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                        
                                             24.75.29.77

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: APPLICATION/X-WOFF

                                            

                                            
                                                
Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT 

                                            
                                                
Accept-Ranges: bytes 

                                            
                                                
ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M" 

                                            
                                                
X-Srv: B-SC-02 

                                            
                                                
Access-Control-Allow-Origin: * 

                                            
                                                
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ 

                                            
                                                
Timing-Allow-Origin: * 

                                            
                                                
Server-Timing: dtSInfo;desc="0", dtRpid;desc="910303464", dtTao;desc="1" 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:25 GMT 

                                            
                                                
Content-Length: 67671 

                                            
                                                
Set-Cookie: dtCookie=v_4_srv_2_sn_6FF370E44100D38B6CAE0BF8A5BC0BB2_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=01fb46a9260b71bb36e2867880273baaeac4cc6d8adcc2ea78f77249b9ef0677831dfd48ecde98053189ab251a3aebb276ec5cbfb7; Path=/
TS0128739d=01fb46a926dbe4efe1f85f2e928fbe62cd70ba53b4dcc2ea78f77249b9ef0677831dfd48ec78b2819c64c265eb8c29afbb4dd7278a96432f52018a70792ba28ea1652165c4; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000ce26bc85962a4695b1269dd3229c8c4167a280d6970d6f833d5d8f5abc618b22089b9878a61130001c8839ff49efcc348eb3247bec8364cb84227c63bc5e66f72092cc26d162b2e933b8a280af2d5835e4341569a47f41ce; Path=/ 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  Web Open Font Format, TrueType, length 67671, version 1.0\012- data

                                                Size:   67671

                                                Md5:    6cd469e8613d82d4d07834a5ca7745f0

                                                Sha1:   95347ba0a03d27e1aa91bc17c937d8aefe53e6ff

                                                Sha256: 4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.entrust.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                        
                                             104.110.10.32

                                            
                                                HTTP/1.1 200 OK 

                                            
                                                
Content-Type: application/ocsp-response

                                            

                                            
                                                
ETag: "752075998100A9878D438F79E9BFEA5E559841EBF6F26BCF9769F1DFC7413D15" 

                                            
                                                
Last-Modified: Thu, 23 Mar 2023 03:00:00 UTC 

                                            
                                                
Content-Length: 1588 

                                            
                                                
Cache-Control: public, no-transform, must-revalidate, max-age=3496 

                                            
                                                
Expires: Thu, 23 Mar 2023 12:10:41 GMT 

                                            
                                                
Date: Thu, 23 Mar 2023 11:12:25 GMT 

                                            
                                                
Connection: keep-alive 

                                            
                                                
 

                                            
                                            
                                                

                                                --- Additional Info ---

                                                Magic:  data

                                                Size:   1588

                                                Md5:    64bbcaf8aa4aa14e359541e907a1fc7a

                                                Sha1:   05561a4cad7263861af68921b4689de7dd758fd8

                                                Sha256: 752075998100a9878d438f79e9bfea5e559841ebf6f26bcf9769f1dfc7413d15

URL	mbtinfor.cloud/624f861e65036b0dcebeab0b3b62cd88/?token=7852d9765a678edeeb168733c5b7b3ca666ea48b370a04fdb13230f1c892a1ad7675632d9304451749c24d2adcc8a744dfe1ad21e14b2cdcd38b289994282931","ReportType":"Phishing","ReportClass":"Content","SourceIp":"162.241.123.12
IP	162.241.123.12 (United States)
ASN	#46606 UNIFIEDLAYER-AS-1
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access	public
Report completed	2023-03-23 11:12:30 UTC
Status	Loading report..
IDS alerts	6
Blocklist alert	0
urlquery alerts	7 Phishing - M&T Bank
Tags	mt_bank financial phishing

Overview

Domain Summary (11)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.241.123.12

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Last 3 reports on domain: mbtinfor.cloud

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (2)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (44)

Overview

Domain Summary (11)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.241.123.12

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Last 3 reports on domain: mbtinfor.cloud

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (2)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (44)

Network Intrusion Detection Systems